org.springframework.security.authentication.event.AbstractAuthenticationEvent Java Examples

The following examples show how to use org.springframework.security.authentication.event.AbstractAuthenticationEvent. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: InternalAuthenticationProvider.java    From osiam with MIT License 7 votes vote down vote up
@Override
public void onApplicationEvent(AbstractAuthenticationEvent appEvent) {
    String currentUserName = extractUserName(appEvent);
    if (currentUserName == null || isLockMechanismDisabled()) {
        return;
    }

    if (appEvent instanceof AuthenticationSuccessEvent &&
            accessCounter.containsKey(currentUserName) &&
            accessCounter.get(currentUserName) < maxLoginFailures) {

        accessCounter.remove(currentUserName);
        lastFailedLogin.remove(currentUserName);
    }

    if (appEvent instanceof AuthenticationFailureBadCredentialsEvent) {
        if (accessCounter.containsKey(currentUserName)) {
            accessCounter.put(currentUserName, accessCounter.get(currentUserName) + 1);
        } else {
            accessCounter.put(currentUserName, 1);
        }
        lastFailedLogin.put(currentUserName, new Date());
    }
}
 
Example #2
Source File: InternalAuthenticationProvider.java    From osiam with MIT License 6 votes vote down vote up
private String extractUserName(AbstractAuthenticationEvent appEvent) {
    if (appEvent.getSource() != null && appEvent.getSource() instanceof InternalAuthentication) {
        InternalAuthentication internalAuth = (InternalAuthentication) appEvent.getSource();

        if (internalAuth.getPrincipal() != null) {

            if (internalAuth.getPrincipal() instanceof User) {
                User user = (User) internalAuth.getPrincipal();
                return user.getUserName();
            }
            if (internalAuth.getPrincipal() instanceof String) {
                return (String) internalAuth.getPrincipal();
            }
        }
    }

    return null;
}
 
Example #3
Source File: SpringEventListener.java    From ranger with Apache License 2.0 6 votes vote down vote up
@Override
   public void onApplicationEvent(AbstractAuthenticationEvent event) {
try {
    if (event instanceof AuthenticationSuccessEvent) {
	process((AuthenticationSuccessEvent) event);
    } else if (event instanceof AuthenticationFailureBadCredentialsEvent) {
	process((AuthenticationFailureBadCredentialsEvent) event);
    } else if (event instanceof AuthenticationFailureDisabledEvent) {
	process((AuthenticationFailureDisabledEvent) event);
    }
    // igonre all other events

} catch (Exception e) {
    logger.error("Exception in Spring Event Listener.", e);
}
   }
 
Example #4
Source File: GenericEventAdapter.java    From inception with Apache License 2.0 5 votes vote down vote up
@Override
public boolean accepts(Object aEvent)
{
    return aEvent instanceof ApplicationEvent && !(
            aEvent instanceof ApplicationContextEvent || 
            aEvent instanceof ServletRequestHandledEvent ||
            aEvent instanceof SessionCreationEvent ||
            aEvent instanceof SessionDestroyedEvent ||
            aEvent instanceof AbstractAuthorizationEvent ||
            aEvent instanceof AbstractAuthenticationEvent ||
            aEvent instanceof WebServerInitializedEvent);
}
 
Example #5
Source File: LoggerListener.java    From document-management-system with GNU General Public License v2.0 5 votes vote down vote up
@Override
public void onApplicationEvent(AbstractAuthenticationEvent event) {
	if (event instanceof AuthenticationSuccessEvent) {
		log.debug("Authentication OK: {}", event.getAuthentication().getName());

		// Activity log
		Object details = event.getAuthentication().getDetails();
		String params = null;

		if (details instanceof WebAuthenticationDetails) {
			WebAuthenticationDetails wad = (WebAuthenticationDetails) details;
			params = wad.getRemoteAddress();
		} else if (GenericHolder.get() != null) {
			params = (String) GenericHolder.get();
		}

		// AUTOMATION - POST
		Map<String, Object> env = new HashMap<>();
		env.put(AutomationUtils.USER, event.getAuthentication().getName());
		try {
			AutomationManager.getInstance().fireEvent(AutomationRule.EVENT_USER_LOGIN, AutomationRule.AT_POST, env);
		} catch (Exception e) {
			log.info("Automation ERROR: {}", e.getCause());
		}

		UserActivity.log(event.getAuthentication().getName(), "LOGIN", null, null, params);
	} else if (event instanceof AuthenticationFailureBadCredentialsEvent) {
		log.info("Authentication ERROR: {}", event.getAuthentication().getName());
	}
}
 
Example #6
Source File: AuthenticationListener.java    From dhis2-core with BSD 3-Clause "New" or "Revised" License 5 votes vote down vote up
@EventListener({ InteractiveAuthenticationSuccessEvent.class, AuthenticationSuccessEvent.class })
public void handleAuthenticationSuccess( AbstractAuthenticationEvent event )
{
    Authentication auth = event.getAuthentication();

    if ( TwoFactorWebAuthenticationDetails.class.isAssignableFrom( auth.getDetails().getClass() ) )
    {
        TwoFactorWebAuthenticationDetails authDetails =
            ( TwoFactorWebAuthenticationDetails ) auth.getDetails();

        log.debug( String.format( "Login attempt succeeded for remote IP: %s", authDetails.getIp() ) );
    }

    final String username = event.getAuthentication().getName();

    UserCredentials credentials = userService.getUserCredentialsByUsername( username );

    boolean readOnly = config.isReadOnlyMode();

    if ( Objects.nonNull( credentials ) && !readOnly )
    {
        credentials.updateLastLogin();
        userService.updateUserCredentials( credentials );
    }

    securityService.registerSuccessfulLogin( username );
}
 
Example #7
Source File: AuthenticationLoggerListener.java    From dhis2-core with BSD 3-Clause "New" or "Revised" License 5 votes vote down vote up
public void onApplicationEvent( AbstractAuthenticationEvent event )
{
    if ( log.isWarnEnabled() )
    {
        final StringBuilder builder = new StringBuilder();
        builder.append( "Authentication event " );
        builder.append( ClassUtils.getShortName( event.getClass() ) );
        builder.append( ": " );
        builder.append( event.getAuthentication().getName() );

        Object details = event.getAuthentication().getDetails();

        if ( ForwardedIpAwareWebAuthenticationDetails.class.isAssignableFrom( details.getClass() ) )
        {
            ForwardedIpAwareWebAuthenticationDetails authDetails = (ForwardedIpAwareWebAuthenticationDetails) details;
            String ip = authDetails.getIp();

            builder.append( "; ip: " );
            builder.append( ip );

            String sessionId = authDetails.getSessionId();
            if ( sessionId != null )
            {
                HashCode hash = Hashing.sha256().newHasher().putString( sessionId, Charsets.UTF_8 ).hash();
                builder.append( " sessionId: " );
                builder.append( hash.toString() );
            }

        }

        if ( event instanceof AbstractAuthenticationFailureEvent )
        {
            builder.append( "; exception: " );
            builder.append( ((AbstractAuthenticationFailureEvent) event).getException().getMessage() );
        }

        log.warn( builder.toString() );
    }
}